Paketname
linuxconf
Datum
2002-09-04
Advisory ID
MDKSA-2002:056
Betroffene Versionen
8.1 i586 , 8.0 i586 , 8.2 i586 , 7.2 i586 , CS1.0 i586

Problembeschreibung

A vulnerability was discovered in linuxconf by Dave Aitel and later by iDEFENSE that is locally exploitable to obtain elevated privilege. By default, Mandrake Linux ships linuxconf as setuid root in versions 7.2 through 8.2. Successful exploitation will yield a root shell. MandrakeSoft recommends that all users take steps and remove the setuid bit from linuxconf. This can be done by issuing, as root, the following command: For users of Linux-Mandrake 7.2, the correct location of the linuxconf executable is /sbin.

Aktualisierte Pakete

8.1 i586

 na 8.1/RPMS/na

8.0 i586

 na 8.0/RPMS/na

8.2 i586

 na 8.2/RPMS/na

7.2 i586

 na 7.2/RPMS/na

CS1.0 i586

 na 1.0.1/RPMS/na

Referenzen